Administrators of the Sophos UTM appliance should not install the recently released Sophos UTM 9.703 firmware, as it may cause massive issues. Sophos has pulled this firmware update. Addendum: Sophos confirmed the issues and is testing a fix that will be available soon.
Sophos UTM is a complete, hardware-based security solution for corporate networks, including a firewall and other functions (see this Sophos website).
Sophos UTM 9.703 distributed via Up2Date
A few hours ago, Sophos began distributing the Sophos UTM 9.703 firmware version via Up2Date. This firmware update addresses a number of security vulnerabilities. Thorsten Sult had discussed this update and the closed vulnerabilities in this German blog post. This morning I received an email from Thorsten with the note:
Important information about the new firmware for Sophos UTM 9.703. Do not install this update. Unfortunately Sophos distributed it yesterday and today via Up2Date.
Nasty issues with Sophos UTM 9.703
There is a post on the Sophos forums by Bob, who has been experiencing nasty problems in his lab environment.
DO NOT INSTALL 9.703!!!
My lab system was Up2Dated to 9.703 Thursday evening at 10PM CDT (UTC -0500) and all connection with the outside world immediately stopped. My local connection would work normally a few minutes at a time and then everything would lock up for a few minutes. I could not identify the problem with top, but did see a lot of zombie confd processes. I lost the entire day of Friday because my wife has a big project due next week and was working via Microsoft Teams all day with her colleagues.
After installing the firmware update, all connections from the network to the outside were interrupted. He was unable to resolve this issue and recommended that Sophos remove the firmware update from the FTP server. In the thread, other users describe problems with the firmware update.
Sophos itself has since posted a notice on the page announcing the firmware update for UTM Up2Date 9.703, stating that the firmware update has been temporarily withdrawn. Sophos has also released an advisory on the issue, ‘Sophos UTM – Traffic not passing after upgrading to v9.703’. It appears to have only affected a subset of Sophos UTM v9.703 systems.
Thorsten Sult points out in this blog post that the same applies to Sophos XG. Thanks to Thorsten for pointing this out.
A revision is now being tested
Addendum: German blog reader Thorsten Sult informed me via a comment (thanks for that) that Sophos has updated advisory 135383 to reflect the issue. Incorrect communication between support and customers resulted in a fix for a reported issue not being included in the update. In addition, Sophos admits to inadequate testing due to the communication issues. The v9.703 firmware update is due to be released this week (starting 20 April 2020), if testing is successful.